Twitter Details Phishing Attacks Behind Password Reset

Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.

Twitter revealed more
details about the phishing attacks that caused the company to reset the
passwords on some user accounts Feb. 2.
According to Twitter
Director of Trust and Safety Del Harvey, there was a sudden surge in followers
for certain accounts during the last five days. For that reason, the company
decided to push out a password
reset to the accounts, he said.

"It appears that for a
number of years, a person has been creating torrent sites that require a log-in
and password as well as creating forums set up for torrent site usage and then
selling these purportedly well-crafted sites and forums to other people
innocently looking to start a download site of their very own," Harvey blogged.
"However, these sites came with a little extra-security exploits and backdoors
throughout the system. This person then waited for the forums and sites to
get popular and then used those exploits to get access to the username, email
address, and password of every person who had signed up.
"Additional exploits to
gain admin root on forums that weren't created by this person also appear to
have been utilized; in some instances, the exploit involved redirecting
attempts to access the forums to another site that would request log-in
information," he continued. "This information was then used to attempt to
gain access to third party sites like Twitter."
Harvey stated that Twitter has
not identified all of the torrent forums involved, but urged anyone
who has signed up for one built by a third party to change their password
there.
"The takeaway from this is
that people are continuing to use the same email address and password (or a
variant) on multiple sites," he blogged. "Through our discussions with affected
users, we've discovered a high correlation between folks who have used third
party forums and download sites and folks who were on our list of possibly
affected accounts."
Not all of the accounts affected were linked to torrent sites, Harvey
added. Earlier Feb. 2, a Twitter spokesperson told eWEEK that some users had
signed up for "get followers fast schemes."
Twitter is no stranger to
phishing. In
May, for example, Sophos detected a phishing scam where attackers used a
URL shortening service to disguise a link to a phishing site that requested the
victim's Twitter credentials. Twitter offers tips for keeping accounts safe here.